Manage secure machine groups on CloudLink Center

You can organize machines into groups for administrative or operational purposes. For example, you might group machines for your Finance department where the volume encryption policy requires encryption of all boot and data volumes. You might also group machines for your DevOps department where the volume encryption policy requires encryption of only boot volumes. Each machine group might have a different administrator.

Each machine must belong to a machine group. A machine is assigned to a machine group during deployment. If you do not specify a group during deployment, the machine is assigned to the built-in machine group named Default. You can change the machine group that a machine belongs to after deployment.

Settings shared by machines in a group monitored by CloudLink Center

All machines in a group use the same:

  • Key release policies that determine when a machine in the group can start up automatically. For more information, see CloudLink key release policies.
  • For Enterprise, Microsoft Azure, and Azure Stack: Volume encryption policy that determines the types of volumes that must be encrypted (boot, data, or both boot and data). Volume encryption policy applies to virtual machines (boot and data volumes) or physical machines (data volume only). Volume encryption policy does not apply to a physical machine’s boot volume. For more information, see CloudLink Center volume encryption policy.
  • Keystore where encryption keys are stored. For more information, see Manage encryption keystores and keys in CloudLink Center.
  • Managing roles that determine which roles administer the machine group. Only users belonging to a managing role for a machine group can view and make changes to it.
  • Approved networks from which machines in the machine group can start up automatically. For more information, see Manage approved networks for machine groups.
  • Approved location that is used to verify that a machine is in the correct place. For more information, see Manage approved locations for machine groups.
  • Key lifetime that determines how often CloudLink Center updates encryption keys for machines in the group. Once a key is updated, the previous key expires. By default, keys never expire, which is referred to as an infinite lifetime. You can change the key lifetime.